Rekeying the key encryption key

Encryption License Key User Guide

Part Number

If you created the key encryption key (KEK) on the key management server, you can rekey the KEK.

  • You must have the Security Administrator (View & Modify) role.
  1. On the Explorer pane, select Administration, and then select Encryption Keys.
  2. On the Encryption Keys tab, select the key ID of the KEK from the Encryption Keys table.
  3. Click More Actions > Rekey Key Encryption Key.
    If you are migrating to a new KMS and the DKCMAIN firmware version is 90-03-0x or later, a new KEK is created automatically on the new KMS when you change the KMS connection settings in the Edit Encryption Environmental Settings window. Therefore, the Rekey Key Encryption Key window is not used to migrate the KMS to another server. However, if there was a problem connecting to the new KMS and you need to create the new KEK manually, select Create a new key encryption key on the key management server.
  4. Click Finish.
  5. Confirm the settings, and enter your task name in Task Name.
    If you want the Tasks window to open after you click Apply, select Go to tasks window for status.
  6. Click Apply.